[Cs-webapplibs-commits] SF.net SVN: cs-webapplibs:[197] trunk/0.4
From: <cra...@us...> - 2011-01-26 23:07:11
Revision: 197 http://cs-webapplibs.svn.sourceforge.net/cs-webapplibs/?rev=197&view=rev Author: crazedsanity Date: 2011-01-26 18:09:30 +0000 (Wed, 26 Jan 2011) Log Message: ----------- Add some stuff for permissions so it will use an "id path", so it will be much easier to determine what should inherit from what... EXPERIMENTAL!!! Modified Paths: -------------- trunk/0.4/setup/genericPermissions.pgsql.sql Added Paths: ----------- trunk/0.4/cs_idPath.class.php trunk/0.4/cs_urlBasedPermission.class.php
Copied: trunk/0.4/cs_idPath.class.php (from rev 195, trunk/0.4/cs_genericPermission.class.php)
===================================================================
--- trunk/0.4/cs_idPath.class.php (rev 0)
+++ trunk/0.4/cs_idPath.class.php 2011-01-26 18:09:30 UTC (rev 197)
@@ -0,0 +1,26 @@
+<?php
+/*
+ * Created on January 26, 2011
+ *
+ * FILE INFORMATION:
+ *
+ * $HeadURL$
+ * $Id$
+ * $LastChangedDate$
+ * $LastChangedBy$
+ * $LastChangedRevision$
+ */
+
+class cs_idPath extends cs_webapplibsAbstract {
+
+ /** cs_globalFunctions object, for cleaning strings & such. */
+ public $gfObj;
+
+ //============================================================================
+ /**
+ */
+ public function __construct() {
+ }//end __construct()
+ //============================================================================
+
+}
Property changes on: trunk/0.4/cs_idPath.class.php
___________________________________________________________________
Added: svn:keywords
+ Id Author Revision HeadURL Date
Added: svn:mergeinfo
+
Copied: trunk/0.4/cs_urlBasedPermission.class.php (from rev 195, trunk/0.4/cs_genericPermission.class.php)
===================================================================
--- trunk/0.4/cs_urlBasedPermission.class.php (rev 0)
+++ trunk/0.4/cs_urlBasedPermission.class.php 2011-01-26 18:09:30 UTC (rev 197)
@@ -0,0 +1,54 @@
+<?php
+/*
+ * Created on January 26, 2011
+ *
+ * FILE INFORMATION:
+ *
+ * $HeadURL$
+ * $Id$
+ * $LastChangedDate$
+ * $LastChangedBy$
+ * $LastChangedRevision$
+ */
+
+class cs_urlBasedPermission extends cs_genericPermission {
+
+
+ //============================================================================
+ /**
+ * Permission system for Web URLs; so "http://web.site.com/index" can have
+ * special permissions. The most important part is that a permission set for
+ * the URL "/" might have a setting, and "/x/y/z" might as well, without
+ * anything for the interim URLs ("/x", "/x/y", "/x/y/z"); those missing URLs
+ * are given the permissions for the closest URL (in this case "/").
+ */
+ public function __construct(cs_phpDB $db) {
+ $this->db = $db;
+ $this->gfObj = new cs_globalFunctions;
+ parent::__construct($db);
+ }//end __construct()
+ //============================================================================
+
+
+
+ //============================================================================
+ /**
+ * Break the URL into bits (delimited by "/"), and return an array.
+ */ + private function _get_url_bits($url) { + $url = $this->gfObj->clean_url($url); + if(!is_array($url)) { + $bits = array("/"); + } + else { + $bits = explode("/", $url); + } + return($bits); + }//end _get_url_bits() + //============================================================================ + + + + //============================================================================ + //============================================================================ +} Property changes on: trunk/0.4/cs_urlBasedPermission.class.php ___________________________________________________________________ Added: svn:keywords + Id Author Revision HeadURL Date Added: svn:mergeinfo + Modified: trunk/0.4/setup/genericPermissions.pgsql.sql =================================================================== --- trunk/0.4/setup/genericPermissions.pgsql.sql 2011-01-26 18:08:16 UTC (rev 196) +++ trunk/0.4/setup/genericPermissions.pgsql.sql 2011-01-26 18:09:30 UTC (rev 197) @@ -6,7 +6,8 @@ CREATE TABLE cswal_group_table ( group_id serial NOT NULL PRIMARY KEY, group_name text NOT NULL UNIQUE, - group_admin integer REFERENCES cs_authentication_table(uid) + group_admin integer REFERENCES cs_authentication_table(uid), + created TIMESTAMPTZ NOT NULL DEFAULT NOW() ); -- 
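Review bot: The branch in `_get_url_bits()` looks inverted: `explode("/", $url)` runs only when `$url` is an array, which `explode()` cannot split, while every non-array value (an ordinary string included) yields `array("/")`. `clean_url()` is not shown in this commit, so its return type is an assumption, but if it returns a string then every URL collapses to the root entry and would be evaluated against the permissions of "/". If a string is expected, the guard should read `if(!is_string($url) || !strlen($url))`; if `clean_url()` already returns the pieces, the else branch should be `$bits = $url;`. The docblock should say which of the two is intended.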
@@ -17,21 +18,54 @@ CREATE TABLE cswal_user_group_table ( user_group_id serial NOT NULL PRIMARY KEY, user_id integer NOT NULL REFERENCES cs_authentication_table(uid), - group_id integer NOT NULL REFERENCES cswal_group_table(group_id) + group_id integer NOT NULL REFERENCES cswal_group_table(group_id), + created TIMESTAMPTZ NOT NULL DEFAULT NOW() ); +-- +-- System Table +-- Allows types of permissions to be separated (i.e. URL-based permissions from action-based permissions) +-- NOTE::: setting "use_default_deny" to TRUE means requests to objects within the given system are automatically denied, a setting +-- of FALSE means those requests are automatically granted (USE WITH CAUTION). +-- +CREATE TABLE cswal_system_table ( + system_id serial NOT NULL PRIMARY KEY, + system_name text NOT NULL UNIQUE, + use_default_deny boolean NOT NULL DEFAULT TRUE, + created TIMESTAMPTZ NOT NULL DEFAULT NOW() +); + + +-- +-- Object table +-- Unique set of names which should be chained together to create an object path; for a URL of "/member/blog/edit", the pieces would be created +-- with ID's, such as "member"=1, "blog"=2, "edit"=3; the object path would then be ":1::2::3:"; an extra prefix element might be created to +-- define a default, inheritable set of permissions, such as "{root}"=10; the path might then be ":10::1::2::3:". -- --- Object table --- Contains unique list of objects along with the owner, default group, & user/group/other permissions (like *nix filesystem permissions) +CREATE TABLE cswal_object_table ( + object_id integer NOT NULL PRIMARY KEY, + object_name text NOT NULL UNIQUE, + is_hidden boolean NOT NULL DEFAULT FALSE, + created TIMESTAMPTZ NOT NULL DEFAULT NOW() +); + + +-- +-- Permission table +-- Contains unique list of object paths along with the owner, default group, & user/group/other permissions (like *nix filesystem permissions) -- The permissions for user/group/other could be converted to octal (i.e. 
"rwxrwxrwx" == "777"), but it isn't as straightforward to read. -- NOTE::: the "user_id" table should be updated to match your database schema. +-- NOTE2:: the "inherit" column isn't used by the base permissions system. +-- NOTE3:: the "object_path" is a chain of object_id's. -- -CREATE TABLE cswal_object_table ( - object_id serial NOT NULL PRIMARY KEY, - object_name text NOT NULL UNIQUE, +CREATE TABLE cswal_permission_table ( + permission_id serial NOT NULL PRIMARY KEY, + system_name integer NOT NULL DEFAULT 0 REFERENCES cswal_system_table(system_id), + object_path text NOT NULL UNIQUE, user_id integer NOT NULL REFERENCES cs_authentication_table(uid), group_id integer NOT NULL REFERENCES cswal_group_table(group_id), + inherit boolean NOT NULL DEFAULT FALSE, u_r boolean NOT NULL DEFAULT TRUE, u_w boolean NOT NULL DEFAULT TRUE, u_x boolean NOT NULL DEFAULT FALSE, 
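Review bot: In `cswal_permission_table` the column `system_name` is an integer foreign key to `cswal_system_table(system_id)`, so its name contradicts its content, and `object_path` is UNIQUE on its own, which stops the same path from carrying different permissions in two systems even though the system table exists to separate them. I would declare it as `system_id integer NOT NULL DEFAULT 0 REFERENCES cswal_system_table(system_id)` and replace the column-level constraint with `UNIQUE (system_id, object_path)`. Nothing in the schema ties the ids embedded in `object_path` to rows of `cswal_object_table`, so a comment stating that the application must keep them consistent would help, for example `-- object_path ids are not FK-checked; the application must reject or clean up paths whose objects are deleted`. The CREATE TABLE statement continues past the end of this hunk.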
@@ -40,20 +74,26 @@ g_x boolean NOT NULL DEFAULT FALSE, o_r boolean NOT NULL DEFAULT TRUE, o_w boolean NOT NULL DEFAULT FALSE, - o_x boolean NOT NULL DEFAULT FALSE + o_x boolean NOT NULL DEFAULT FALSE, + created TIMESTAMPTZ NOT NULL DEFAULT NOW() ); +INSERT INTO cswal_system_table (system_id, system_name) VALUES (0, 'DEFAULT'); INSERT INTO cswal_group_table (group_name) VALUES ('www'); INSERT INTO cswal_group_table (group_name) VALUES ('blogs'); INSERT INTO cswal_group_table (group_name) VALUES ('admin'); -INSERT INTO cswal_object_table - (object_name,user_id, group_id) +INSERT INTO cswal_object_table (object_id, object_name,is_hidden) VALUES (0, '/', true); +INSERT INTO cswal_object_table (object_id, object_name,is_hidden) VALUES (1, 'member', false); + +INSERT INTO cswal_permission_table + (object_path,user_id, group_id) VALUES - ('/', 101, 1); + (':0:', 101, 1); -INSERT INTO cswal_object_table - (object_name, user_id, group_id, g_r, g_w) +INSERT INTO cswal_permission_table + (object_path, user_id, group_id, g_r, g_w) VALUES - ('/member', 101, 2, true, true); + (':0::1:', 101, 2, true, true); + This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
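Review bot: The seed rows for `cswal_permission_table` hard-code `user_id` 101 and `group_id` 1 and 2, so the script loads correctly only if uid 101 already exists in `cs_authentication_table` and the group inserts above received the serial values they are assumed to have. Resolving the group by name, e.g. `(SELECT group_id FROM cswal_group_table WHERE group_name = 'www')`, removes the dependency on sequence state. A comment should also say which account 101 is expected to be, since with the column defaults it becomes the owner of the root path `:0:` with read and write enabled.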